According to http://www.nytimes.com/external/idg/2008/10/28/28idg-10-best-feature.html Windows 7 will have a cool feature called DirectAccess that "requires deploying IPv6 and IPsec". I know nothing more of this feature than is in the article, but if accurate it may create a client-centric demand for v6, i.e., desirable new functionality that isn't available on v4.
Of course, Windows 7 will have to ship first, and then get deployed in the enterprise...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On 29/10/2008, at 3:40 PM, Steven M. Bellovin wrote:
According to http://www.nytimes.com/external/idg/2008/10/28/28idg-10-best-feature.html Windows 7 will have a cool feature called DirectAccess that "requires deploying IPv6 and IPsec". I know nothing more of this feature than is in the article, but if accurate it may create a client-centric demand for v6, i.e., desirable new functionality that isn't available on v4.
Of course, Windows 7 will have to ship first, and then get deployed in the enterprise...
Thanks, Teredo.
Interesting point, IPSEC is really useful in IPv6, especially transport mode opportunistic encryption/authentication. But, that requires (in my understanding) keys in DNS, which really needs a secure DNS infrastructure to be, well, secure...
stir stir stir
Notice the DNSSEC support at the end of page one and beginning of page two.
-- Nathan Ward
Nathan Ward wrote:
On 29/10/2008, at 3:40 PM, Steven M. Bellovin wrote:
According to http://www.nytimes.com/external/idg/2008/10/28/28idg-10-best-feature.html Windows 7 will have a cool feature called DirectAccess that "requires deploying IPv6 and IPsec". ...
Thanks, Teredo.
Interesting point, IPSEC is really useful in IPv6, especially transport mode opportunistic encryption/authentication. But, that requires (in my understanding) keys in DNS, which really needs a secure DNS infrastructure to be, well, secure...
...
The new UDP-based RTMFP protocol that just shipped in Flash Player 10 will automatically use IPv6 for both client-server (to Flash Media Server) and direct Flash Player-to-Flash Player communication if there is a working IPv6 path between the endpoints and it is at least as fast or faster than the IPv4 path latency-wise. (Not that there are many of those these days... but as they start to exist, you'll start seeing the traffic on them)
It is also encrypted and (in some cases) authenticated.
Matthew Kaufman
matthew@eeph.com
http://www.matthew.at
On Tue, 28 Oct 2008, Steven M. Bellovin wrote:
Windows 7 will have a cool feature called DirectAccess that "requires deploying IPv6 and IPsec". I know nothing more of this feature than is in the article, but if accurate it may create a client-centric demand for v6, i.e., desirable new functionality that isn't available on v4.
Microsoft has been at at least two events I've attended and done presentations about a strategy that sounds like what you're talking about.
They claim they will deploy IPv6 in their worldwide enterprise network, do away with central based enterprise firewalls and do host-to-host IPv6+IPSEC, Active Directory based certificates for authentication. They indicate this as a strategy to do away with VPN clients, so in order to reach your work resources from home you'd need to have some kind of IPv6 connectivity, tunneled or not. You'd then connect to all resources using IPv6 totally transparently to you. All security would be host based.
I am quite impressed by this strategy as it re-implements the end-to-end principle of the Internet that most of us appreciate. I also bought their claim about much improved security and their 5 year long track of no remote exploits like Slammer, when they had to release their emergency patch for that RPC based remote exploit the other week, which kind of broke their streak... :P
Let's hope they can sell this to all the enterprise guys, as I am very tired of all the problems caused by multiple layers of NATs and PAT.
-- Mikael Abrahamsson email: swmike@swm.pp.se
Mikael Abrahamsson wrote:
On Tue, 28 Oct 2008, Steven M. Bellovin wrote:
They claim they will deploy IPv6 in their worldwide enterprise network, do away with central based enterprise firewalls and do host-to-host IPv6+IPSEC, Active Directory based certificates for authentication.
You know that windows 2000 was released with this functionality. It's nothing new and it is not ipv6 specific. Who is using it precisely?
On Oct 29, 2008, at 10:32 AM, Joe Maimon wrote:
Mikael Abrahamsson wrote:
On Tue, 28 Oct 2008, Steven M. Bellovin wrote:
They claim they will deploy IPv6 in their worldwide enterprise network, do away with central based enterprise firewalls and do host-to-host IPv6+IPSEC, Active Directory based certificates for authentication.
You know that windows 2000 was released with this functionality. It's nothing new and it is not ipv6 specific.
Who is using it precisely?
Microsoft, on 200,000 computers at the time of the paper below.
http://technet.microsoft.com/en-us/library/bb735174.aspx
We have a couple of departments using IPsec here and one more seriously looking at it. (Mainly a matter of finding time to test and implement.)
Plus there are at least a couple of other Universities.
http://members.microsoft.com/CustomerEvidence/Search/EvidenceDetails.aspx?EvidenceID=14258&LanguageID=1
https://members.microsoft.com/customerevidence/search/EvidenceDetails.aspx?EvidenceID=14205&LanguageID=1
And I see a City has been added to the list.
http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000000161
http://www.cu.ipv6tf.org/pdf/v6security_6Sense_Jan2006.pdf
--- Bruce Curtis bruce.curtis@ndsu.edu Certified NetAnalyst II 701-231-8527 North Dakota State University
Kind of a side question but we have not implemented IPv6 in our network yet, nor have we made any plans to do this in the near future. Our management does not see a need for it as our customer base is not requesting it at this time.
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
Bruce Curtis wrote:
On Oct 29, 2008, at 10:32 AM, Joe Maimon wrote:
Mikael Abrahamsson wrote:
On Tue, 28 Oct 2008, Steven M. Bellovin wrote:
They claim they will deploy IPv6 in their worldwide enterprise network, do away with central based enterprise firewalls and do host-to-host IPv6+IPSEC, Active Directory based certificates for authentication.
You know that windows 2000 was released with this functionality. It's nothing new and it is not ipv6 specific.
Who is using it precisely?
Microsoft, on 200,000 computers at the time of the paper below.
http://technet.microsoft.com/en-us/library/bb735174.aspx
We have a couple of departments using IPsec here and one more seriously looking at it. (Mainly a matter of finding time to test and implement.)
Plus there are at least a couple of other Universities.
And I see a City has been added to the list.
http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000000161
http://www.cu.ipv6tf.org/pdf/v6security_6Sense_Jan2006.pdf
--- Bruce Curtis bruce.curtis@ndsu.edu Certified NetAnalyst II 701-231-8527 North Dakota State University
-- Steve King Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
On 30/10/2008, at 11:32 AM, Steven King wrote:
Kind of a side question but we have not implemented IPv6 in our network yet, nor have we made any plans to do this in the near future. Our management does not see a need for it as our customer base is not requesting it at this time.
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
Do your customers ask for IPv4, or do they just connect to the "Internet" as you tell them?
Your customers are never going to ask, unless they have some propeller-head who wants to be on the latest "version of the Internet".
If you tell them that you're giving them IPv6 service, you'll find they start using it, and they'll ask other providers for it when re-evaluating their service providers, and decide to stick with you as you're forward looking and all that stuff.
I'm so over this chicken/egg thing it's not even funny, just do it already. Well, if you don't it's no problem I suppose, your users are automatically tunnelling across you already.
If you're only thinking about doing a small IPv6 deployment now, you're behind the curve.
-- Nathan Ward
question - "beginning a small deployment of IPv6 now even if it's just for internal usage"
Sure! there are plenty of reasons .........most obvious one is to feel comfortable about ipv6
--- On Wed, 10/29/08, Steven King <sking@kingrst.com> wrote:
From: Steven King <sking@kingrst.com> Subject: Re: Another driver for v6? To: "Bruce Curtis" <bruce.curtis@ndsu.edu> Cc: nanog@nanog.org Date: Wednesday, October 29, 2008, 11:32 PM Kind of a side question but we have not implemented IPv6 in our network yet, nor have we made any plans to do this in the near future. Our management does not see a need for it as our customer base is not requesting it at this time.
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
I personally agree with that. Now only if I can convince our management to start work on that. isabel dias wrote:
question - "beginning a small deployment of IPv6 now even if it's just for internal usage"
Sure! there are plenty of reasons .........most obvious one is to feel comfortable about ipv6
--- On Wed, 10/29/08, Steven King <sking@kingrst.com> wrote:
From: Steven King <sking@kingrst.com> Subject: Re: Another driver for v6? To: "Bruce Curtis" <bruce.curtis@ndsu.edu> Cc: nanog@nanog.org Date: Wednesday, October 29, 2008, 11:32 PM Kind of a side question but we have not implemented IPv6 in our network yet, nor have we made any plans to do this in the near future. Our management does not see a need for it as our customer base is not requesting it at this time.
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
-- Steve King Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
On 30/10/2008, at 11:48 AM, Steven King wrote:
I personally agree with that. Now only if I can convince our management to start work on that.
isabel dias wrote:
question - "beginning a small deployment of IPv6 now even if it's just for internal usage"
Sure! there are plenty of reasons .........most obvious one is to feel comfortable about ipv6
Another related good reason is so that in 18 months when they decide they need it done last week, contractors like myself don't charge you through the nose to implement it because management wouldn't let you guys skill up on a test network now. That makes it a monetary thing, something they understand better perhaps.. Yep, this post is going against my best instincts. -- Nathan Ward
On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At this point, I'd say people are still trying to figure out how clients will migrate to IPv6. Which seems like a pretty bad time to still be trying to figure that out, but ohwell.
It is at this time more a question of strategic positioning. The kind of thing your boss should be thinking about.
Switching your management network to IPv6 single-stack frees up IPv4 addresses (depending on how big your management network is) to use in customer-facing areas, which gives your network longer legs in the projected IPv4 address shortfall. If you get really pressed, you can tunnel your IPv4 network over an IPv6-only backbone, giving you another handful of precious moneymaking IPv4 addresses.
Having your backbone and servers AAAA'd (even on separate FQDN's), tested, and ready to go puts you ahead of the curve if clients start rolling out (you can just move your AAAA's around).
Starting now on collecting IPv6 peering wherever you peer puts you ahead of the curve in the quality of your network's connectedness, again presuming this IPv6 thing takes off.
And of course you need to "run your own dog food" on internal LANs before you start telling customers these IPv6 address thingies are useful.
IPv6: It's kind of like storing dry food in preparation for the apocalypse.
--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.
"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
On Wed, 29 Oct 2008 16:29:40 -0700 "David W. Hankins" <David_Hankins@isc.org> wrote:
On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At this point, I'd say people are still trying to figure out how clients will migrate to IPv6. Which seems like a pretty bad time to still be trying to figure that out, but ohwell.
Once, after hearing Vint Cerf give a cheerleading talk for v6, I asked why google.com didn't have a AAAA record. He just groaned -- but of course I knew the answer just as well as he did.
It is at this time more a question of strategic positioning. The kind of thing your boss should be thinking about.
Switching your management network to IPv6 single-stack frees up IPv4 addresses (depending on how big your management network is) to use in customer-facing areas, which gives your network longer legs in the projected IPv4 address shortfall. If you get really pressed, you can tunnel your IPv4 network over an IPv6-only backbone, giving you another handful of precious moneymaking IPv4 addresses.
Having your backbone and servers AAAA'd (even on separate FQDN's), tested, and ready to go puts you ahead of the curve if clients start rolling out (you can just move your AAAA's around).
Starting now on collecting IPv6 peering wherever you peer puts you ahead of the curve in the quality of your network's connectedness, again presuming this IPv6 thing takes off.
And of course you need to "run your own dog food" on internal LANs before you start telling customers these IPv6 address thingies are useful.
IPv6: It's kind of like storing dry food in preparation for the apocalypse.
I'd rate the probability of v6 as rather higher...
More seriously -- you need to get experience with it, and you need to at least understand where your internal support systems and databases have v4-only wired in. I'm not saying that substantial, real-world demand for v6 is imminent or even certain (although frankly, I regard it as more likely than not). I am saying that the probability of it is high enough that preparation is simply ordinary prudence.
I posted the story link because for the first time since v6 was real, there's a *feature* that people will want that relies on it. Never mind lots of addresses; you can't easily sell that to management. But something that will make security management easier and cheaper -- you may be able to avoid triangle routing, with the consequent need for bigger pipes -- is a story they'll understand. You want to be ready to serve those customers.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Wed, 29 Oct 2008, David W. Hankins wrote:
On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At
Could you please elaborate on this point? My data presented <http://www.ops.ietf.org/lists/v6ops/v6ops.2008/msg01582.html> indicates that there are very very few (the longer I collected the data, the better the ratio got) who cannot properly fetch a resource that has A/AAAA.
this point, I'd say people are still trying to figure out how clients will migrate to IPv6. Which seems like a pretty bad time to still be trying to figure that out, but ohwell.
6to4 and Teredo traffic is increasing very rapidly, so that seems to be one path taken right now: <http://ipv6.tele2.net/mrtg/total.html> (We have all our IPv6 related stats and info on <http://ipv6.tele2.net/>) But yes, how to get native to residential users is still not hammered out.
And of course you need to "run your own dog food" on internal LANs before you start telling customers these IPv6 address thingies are useful.
Quite, I think OSS/BSS is going to be a bigger challenge than actually moving the IPv6 packets.
IPv6: It's kind of like storing dry food in preparation for the apocalypse.
If you actually KNOW the apocalypse is coming (but not when), this is correct. -- Mikael Abrahamsson email: swmike@swm.pp.se
Mikael Abrahamsson wrote:
But yes, how to get native to residential users is still not hammered out.
It's been an issue weighing on our minds for a while. We've gone dual stack but getting it into the last mile (ADSL) is quite hard and running a tunnel server is ugly.
Main issue is BRAS support from our vendor as well as ADSL CPE under US$100 (eg. not Cisco 8xx series).
Quite, I think OSS/BSS is going to be a bigger challenge than actually moving the IPv6 packets.
Moving packets is pretty easy. We went to dual stack in the core in just a couple of months for a network spanning 3 continents. Getting our customer management systems and BRASes talking IPv6 is going to take a lot longer. Getting our systems group to IPv6 enable resolvers, dns etc is also taking longer than it should.
MMC
On 30/10/08 07:10, Mikael Abrahamsson wrote:
On Wed, 29 Oct 2008, David W. Hankins wrote:
On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At
Could you please elaborate on this point? My data presented <http://www.ops.ietf.org/lists/v6ops/v6ops.2008/msg01582.html> indicates that there are very very few (the longer I collected the data, the better the ratio got) who cannot properly fetch a resource that has A/AAAA.
Your stats (which are very interesting btw, thanks for doing the work) suggest that the number of clients that would make use of the AAAA record for a dual-stack service is about the same as the number of clients that would fail in the event that both A and AAAA were present. That's not exactly an incentive to content providers is it?
IPv6: It's kind of like storing dry food in preparation for the apocalypse.
If you actually KNOW the apocalypse is coming (but not when), this is correct.
The end is nigh - http://penrose.uk6x.com/ Mat
On Thu, 30 Oct 2008, Matthew Ford wrote:
Your stats (which are very interesting btw, thanks for doing the work) suggest that the number of clients that would make use of the AAAA record for a dual-stack service is about the same as the number of clients that would fail in the event that both A and AAAA were present. That's not exactly an incentive to content providers is it?
The last couple of days the ratio went down to less than 0.3% who would potentially get in trouble (factor is most likely less as the measurement method penalises later objects). But yes, there is absolutely no upside to deploying IPv6 for content providers in the short term. It's like Y2K, there was NO upside to fixing it until December 31 1999. -- Mikael Abrahamsson email: swmike@swm.pp.se
On Thu, Oct 30, 2008 at 08:10:26AM +0100, Mikael Abrahamsson wrote:
On Wed, 29 Oct 2008, David W. Hankins wrote:
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At
Could you please elaborate on this point? My data presented <http://www.ops.ietf.org/lists/v6ops/v6ops.2008/msg01582.html> indicates that there are very very few (the longer I collected the data, the better the ratio got) who cannot properly fetch a resource that has A/AAAA.
I'm sorry I led you down the wrong ferret hole. The issue isn't directly the involvement of a A/AAAA mixed RRsets.
The issue is that such dual placement complicates debugging and operations.
If someone can't reach www.google.com now, you know that it is either a DNS or IPv4 issue. It is very straightforward.
If someone can't reach the hypothetical A/AAAA www.google.com RRset, you've just increased your support costs.
"My network is slow."
"Are you using IPv4 or IPv6?"
"Netscape."
This costs you something, but doesn't gain anything.
Nevermind that IPv6 often breaks at some networks, and no one at the remote network seems to care to fix it. It is someone's experiment.
I'm recommending a variety of caution which is to go ahead and deploy your initial/experimental IPv6 on separate FQDN's, so that you can easily migrate your AAAA's onto "production names" when there is an advantage to doing so, and in the meantime you aren't breaking anything for the rest of the planet.
will migrate to IPv6. Which seems like a pretty bad time to still be trying to figure that out, but ohwell.
6to4 and Teredo traffic is increasing very rapidly, so that seems to be one path taken right now:
I don't know how to ask this question without sounding mean, but did the graph spike out of zero, or did you start collecting two months ago?
Both Teredo and 6to4 strike me as a kind of network operations "terrorism." That is, the clients that engage in this automatically.
It proposes precisely the same support-cost-increase problem for the ISP ("My network is slow." "Are you using IPv4 or IPv6?" "Netscape."), and it's not clear to me how an ISP can "opt out".
So it's kind of like these OS manufacturers are sending ISP's a little message; spend your support costs, or we'll spend them for you.
I'm not sure that's productive overall.
IPv6: It's kind of like storing dry food in preparation for the apocalypse.
If you actually KNOW the apocalypse is coming (but not when), this is correct.
I think everyone knows the IPv4 shortfall is coming. I do not think the world's view of the consequences is consistent yet.
So I don't think it matters; it's prudent to get a defensible position today.
--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.
"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
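An added illustration of the support problem described in the message above (not code from the thread or from any poster): a per-address-family check that answers "IPv4 or IPv6?" for a name without asking the user. The function names are hypothetical, and the hostnames and addresses are constructed documentation values.

```python
import socket
import time

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

# (IPv4 state, IPv6 state) -> verdict code; anything else is "unreachable".
VERDICTS = {
    ("ok", "ok"): "dual-stack-ok",
    ("ok", "no-record"): "v4-only",
    ("no-record", "ok"): "v6-only",
    ("ok", "broken"): "v6-broken",   # AAAA published but the IPv6 path fails
    ("broken", "ok"): "v4-broken",
    ("no-record", "no-record"): "no-dns",
}


def resolve(name, port, family):
    """Return de-duplicated sockaddr tuples for one address family only."""
    try:
        infos = socket.getaddrinfo(name, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no A (or no AAAA) record, or the resolver failed
    return sorted({info[4] for info in infos})


def connect(sockaddr, family, timeout):
    """TCP-connect to one literal address; return seconds taken or raise OSError."""
    start = time.monotonic()
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sockaddr)
    return time.monotonic() - start


def probe(name, port=80, timeout=3.0, resolver=resolve, connector=connect):
    """Test every address of `name`, one family at a time.

    Returns {"IPv4": [(addr, rtt_or_None, error_or_None), ...], "IPv6": [...]}.
    """
    report = {}
    for label, family in FAMILIES:
        attempts = []
        for sockaddr in resolver(name, port, family):
            try:
                rtt = connector(sockaddr, family, timeout)
                attempts.append((sockaddr[0], rtt, None))
            except OSError as exc:  # refused, unreachable, timed out
                attempts.append((sockaddr[0], None, str(exc)))
        report[label] = attempts
    return report


def family_state(attempts):
    """Collapse one family's attempts into no-record / ok / broken."""
    if not attempts:
        return "no-record"
    return "ok" if any(rtt is not None for _, rtt, _ in attempts) else "broken"


def verdict(report):
    """Map the two per-family states onto a single support-desk answer."""
    key = (family_state(report["IPv4"]), family_state(report["IPv6"]))
    return VERDICTS.get(key, "unreachable")


# Constructed sample data (RFC 5737 / RFC 3849 documentation addresses).
# www.example.net publishes A and AAAA on one name; example.org keeps its
# AAAA on a separate FQDN, as the message above recommends.
SAMPLE_ZONE = {
    ("www.example.net", socket.AF_INET): ["192.0.2.10"],
    ("www.example.net", socket.AF_INET6): ["2001:db8::10"],
    ("www.example.org", socket.AF_INET): ["192.0.2.20"],
    ("ipv6.example.org", socket.AF_INET6): ["2001:db8::20"],
}
SAMPLE_DEAD = {"2001:db8::10"}  # constructed: the IPv6 path to this host is down


def sample_resolver(name, port, family):
    return [(addr, port) for addr in SAMPLE_ZONE.get((name, family), [])]


def sample_connector(sockaddr, family, timeout):
    if sockaddr[0] in SAMPLE_DEAD:
        raise TimeoutError("timed out")
    return 0.02


def check_sample(name):
    """Run the probe against the constructed data instead of the network."""
    return verdict(probe(name, resolver=sample_resolver, connector=sample_connector))


if __name__ == "__main__":
    for host in ("www.example.net", "www.example.org", "ipv6.example.org"):
        print(host, check_sample(host))
```

Calling `verdict(probe("some.host"))` with the default resolver and connector runs the same check against live DNS and the network.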
On 30 Oct 2008, at 15:47, David W. Hankins wrote:
If someone can't reach the hypothetical A/AAAA www.google.com RRset, you've just increased your support costs. "My network is slow." "Are you using IPv4 or IPv6?" "Netscape."
Do you think that industry should be working to some kind of well supported / worldwide flag day when lots of popular resources add v6 records at the same time ? In the same way that in the UK, appliance manufacturers have been educating people about the analogue terrestrial TV switchoff by 2012, do you think that we should be advocating a 'internet PLUS day' some time in (date plucked from the air) 2014 ? -a
In the same way that in the UK, appliance manufacturers have been educating people about the analogue terrestrial TV switchoff by 2012, do you think that we should be advocating a 'internet PLUS day' some time in (date plucked from the air) 2014 ?
Actually, the Internet PLUS day should be tied to some other event, say the London 2012 Olympics. That would be a kind of launch event for a lot of people to make IPv6 services available. Then, a few years after this, we could have an Internet version 4 eulogy event and get a lot of ISPs to shut off legacy IPv4 services. That would have to be 2016 or later and it wouldn't be like the analog TV shutoff, because it would not be a 100% shutoff. I think that technical people underestimate the impact that this type of an event can provide. While we want to avoid being forced into a flag-day switchover, that does not mean that a flag day is all bad. We could have the Internet PLUS flag day in order to raise awareness and give ISPs a target to shoot for. --Michael Dillon
michael.dillon@bt.com wrote:
I think that technical people underestimate the impact that this type of an event can provide. While we want to avoid being forced into a flag-day switchover, that does not mean that a flag day is all bad. We could have the Internet PLUS flag day in order to raise awareness and give ISPs a target to shoot for.
"This new internet is brought to you by Pepsi: the choice a new version!" or maybe "IPv6 tastes good, like an Internet should" or, oh never mind :) Mike
--Michael Dillon
On Thu, 30 Oct 2008 15:55:01 -0000, Andy Davidson said:
In the same way that in the UK, appliance manufacturers have been educating people about the analogue terrestrial TV switchoff by 2012,
Is your side of the pond any more ready than our side is for next February's drop-dead cutoff?
On Thu, Oct 30, 2008 at 03:55:01PM +0000, Andy Davidson wrote:
Do you think that industry should be working to some kind of well supported / worldwide flag day when lots of popular resources add v6 records at the same time ?
This is a sound evolutionary tactic lemmings use. =)
But I'll take you one step simpler; get the industry to choose a day where it will no longer be acceptable to treat IPv6 like an experimental project.
Sometime last year would have been great.
If you can do that, then the RRset changes would come naturally afterwards.
--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.
"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
David W. Hankins wrote:
On Thu, Oct 30, 2008 at 03:55:01PM +0000, Andy Davidson wrote:
Do you think that industry should be working to some kind of well supported / worldwide flag day when lots of popular resources add v6 records at the same time ?
This is a sound evolutionary tactic lemmings use. =)
I know this is way OT, but I can't let it pass. The lemming suicide myth was created by a very questionable Walt Disney documentary: http://www.wildlifenews.alaska.gov/index.cfm?adfg=wildlife_news.view_article&issue_id=6&articles_id=56
On Fri, Oct 31, 2008 at 10:41:01AM -0600, Mike Lewinski wrote:
This is a sound evolutionary tactic lemmings use. =)
I know this is way OT, but I can't let it pass. The lemming suicide myth was created by a very questionable Walt Disney documentary:
This is also way OT, but I was actually thinking more of Lemmings(TM), the video game, as I am not really very familiar with rodents.
We've already got sixxs and hurricane electric set as tunnel lemmings, we can get through the IPv4 address shortfall by setting a variety of other ISP's to explode and build bridges...
The only thing to iron out is: Who gets to be (golden) parachute lemmings?
--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.
"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
David W. Hankins wrote:
On Fri, Oct 31, 2008 at 10:41:01AM -0600, Mike Lewinski wrote:
This is a sound evolutionary tactic lemmings use. =) I know this is way OT, but I can't let it pass. The lemming suicide myth was created by a very questionable Walt Disney documentary:
This is also way OT, but I was actually thinking more of Lemmings(TM), the video game, as I am not really very familiar with rodents.
We've already got sixxs and hurricane electric set as tunnel lemmings, we can get through the IPv4 address shortfall by setting a variety of other ISP's to explode and build bridges...
For the end-users who use those services, I am pretty sure it is more the user playing the game (aka the services providing guidance), than being the lemmings who just keep on running and commit suicide (aka the networks who are not moving, getting experience and doing something). Greets, Jeroen (Who still ranks Lemmings(tm) as one of the top games ever, simple and way too much fun, Amiga Lemmings X-mas special anyone? :) )
ever heard of the concept "open market"
ipv4 address space delegations will just move from the rirs to places like ebay, problem solved.
most of it is unused anyway (milnet, amateur radio ranges, etc)
-- HRH Sven Olaf Prinz von CyberBunker-Kamphuis, MP.
Minister of Telecommunications, Republic CyberBunker.
Phone: +49/163-4405069 Phone: +49/30-36731425 Skype: CB3ROB MSN: sven@cb3rob.net C.V.: http://www.linkedin.com/in/cb3rob
Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited.
On Fri, 31 Oct 2008, Jeroen Massar wrote:
David W. Hankins wrote:
On Fri, Oct 31, 2008 at 10:41:01AM -0600, Mike Lewinski wrote:
This is a sound evolutionary tactic lemmings use. =) I know this is way OT, but I can't let it pass. The lemming suicide myth was created by a very questionable Walt Disney documentary:
This is also way OT, but I was actually thinking more of Lemmings(TM), the video game, as I am not really very familiar with rodents.
We've already got sixxs and hurricane electric set as tunnel lemmings, we can get through the IPv4 address shortfall by setting a variety of other ISP's to explode and build bridges...
For the end-users who use those services, I am pretty sure it is more the user playing the game (aka the services providing guidance), than being the lemmings who just keep on running and commit suicide (aka the networks who are not moving, getting experience and doing something).
Greets, Jeroen (Who still ranks Lemmings(tm) as one of the top games ever, simple and way too much fun, Amiga Lemmings X-mas special anyone? :) )
On Fri, 31 Oct 2008, HRH Sven Olaf Prinz von CyberBunker-Kamphuis MP wrote:
ever heard of the concept "open market"
ipv4 address space delegations will just move from the rirs to places like ebay, problem solved.
Are you willing to pay a premium to get a global IPv4 address? Are you willing to pay for non-dynamic global IPv4 addresses for your servers?
most of it is unused anyway (milnet, amateur radio ranges, etc)
Did you consider operational consequences? No prefix allocation database? No routing database? Address collisions? Fighting for announcing more specifics to use your allocated addresses? Regards, Janos Mohacsi
i'm slightly worried about feeding trolls here but it's sunday here.
HRH Sven Olaf Prinz von CyberBunker-Kamphuis MP <sven@cyberbunker.com> writes:
ever heard of the concept "open market"
ipv4 address space delegations will just move from the rirs to places like ebay, problem solved.
most of it is unused anyway (milnet, amateur radio ranges, etc)
the human, as a species in the animal kingdom, is known to be the kind of animal who fouls its own nest and overruns its habitat. the idea of a tipping point, whether it be for CO2 in the atmosphere or polar ice shelves or explosively deaggregated IPv4 routing tables, does not occur in the minds of individual decision makers. instead it's left to us "chicken little" types, and the only way the individual decision makers ever make their decisions on the basis of tipping points is if some kind of "governance" makes them do so. -- Paul Vixie
On Thu, 30 Oct 2008, David W. Hankins wrote:
I don't know how to ask this question without sounding mean, but did the graph spike out of zero, or did you start collecting two months ago?
It spiked out of zero as we put up our 6to4 and teredo relays approx two months ago. I don't know where the traffic was before, probably at other people's 6to4 relays. -- Mikael Abrahamsson email: swmike@swm.pp.se
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN).
If you're going to use emotionally charged language then don't shoot yourself in the foot by using such an illogical and contrary example. Google is a very big network-oriented company and they have indeed deployed IPv6 in a customer-facing sense. To follow in their footsteps is not lunacy. They have shown that when you have a large distributed load-sharing platform, it is perfectly safe to deploy IPv6 as an alternate service entry point, in the same way that they have mail.google.com and docs.google as separate service entry points. Most people who are urging ISPs to deploy IPv6 are not telling them to do stupid things like run out and add AAAA records to all their domain names. We are telling people to trial and test IPv6 in the lab, and then roll out specific targeted IPv6 services like a 6to4 relay. Above all, don't be a lunatic, and do educate yourself and your staff before you make a move. IPv6 deployment is not a greenfield deployment so you have to weave it into the fabric of your own unique network architecture. That requires understanding of IPv6 which you can only get by trying it out yourself in your lab environment.
At this point, I'd say people are still trying to figure out how clients will migrate to IPv6.
That is a pretty dumb thing to do. Clients have already migrated to IPv6 years ago using the technology given to them by Apple, Microsoft and the free UNIXes. Job 1 is to support those clients. Job 2 is to figure out how you can deploy IPv6 at your network edge in such a way that you can grow the edge without consuming IPv4 addresses. For many small and mid-size ISPs, Job 2 does not involve anything to do with the customer's "modem" device because you don't have the kind of relationship with "modem" vendors to influence their product development. So focus on your own network edge, not on your customers' network edges.
It is at this time more a question of strategic positioning. The kind of thing your boss should be thinking about.
Bosses really appreciate well-reasoned white papers with a clear and straightforward management summary on the first page. Do you have the information and understanding of IPv6 in order to write such a white paper?
Switching your management network to IPv6 single-stack
This may actually be the last and toughest thing that ISPs do because of the variety of software and stuff in the management network. --Michael Dillon
* David W. Hankins
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At this point, I'd say people are still trying to figure out how clients will migrate to IPv6. Which seems like a pretty bad time to still be trying to figure that out, but ohwell.
Google has been testing this a bit on their main pages. Select quotes from the presentation of their results:
0.238% of users have useful IPv6 connectivity (and prefer IPv6)
0.09% of users have broken IPv6 connectivity
The summary disagrees with you about the «almost lunacy» part:
It's not that broken - ~0.09% clients lost, ~150ms extra latency - don't believe the FUD
The slides are here, they're worth a look in my opinion: http://rosie.ripe.net/ripe/meetings/ripe-57/presentations/uploads/Thursday/P... 14:00/upl/Colitti-Global_IPv6_statistics_-_Measuring_the_current_state_of_IPv6_for_ordinary_users.xD5A.pdf Best regards, -- Tore Anderson
Google's statistics are using themselves as the subject, a fixed point in the network. It's hard to guarantee that subjective experience is going to be equal across the entirety of the network, but let us presume for the purpose of discussion that they are.
I think the point in the final analysis for customer-facing FQDN's is;
1) How much in USD is 0.09% loss of sales/customer-experience/etc?
2) What amount in USD is acceptable to lose, in order to gain IPv6's advantages? Be sure to include recurring support costs, abuse, and engineering manhours for the design and deployment.
Note that the second question is a subjective cost/value analysis, and the typical operator may not find much value in IPv6 (today).
So again, in summary, I absolutely think every network needs to be getting IPv6 into their workshops. You have to be prepared for what's coming. I'm still recommending a variety of caution in that first deployment on production systems.
-- Ash bugud-gul durbatuluk agh burzum-ishi krimpatul. Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
-- David W. Hankins, Software Engineer, Internet Systems Consortium, Inc.
"If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins
Does anyone see any benefits to beginning a small deployment of IPv6 now even if it's just for internal usage?
According to <http://www.getipv6.info/index.php/First_Steps_for_ISPs> you should deploy some IPv6 transition technology to make sure that your network does not cause problems for the growing number of your customers who are already using IPv6. Of course, getting up to speed on IPv6 is also a worthy goal especially since it enables you to move much more quickly if IPv6 takes off suddenly. --Michael Dillon
participants (21)
- Andy Davidson
- Bruce Curtis
- David W. Hankins
- HRH Sven Olaf Prinz von CyberBunker-Kamphuis MP
- isabel dias
- Jeroen Massar
- Joe Maimon
- Matthew Ford
- Matthew Kaufman
- Matthew Moyle-Croft
- Michael Thomas
- michael.dillon@bt.com
- Mikael Abrahamsson
- Mike Lewinski
- Mohacsi Janos
- Nathan Ward
- Paul Vixie
- Steven King
- Steven M. Bellovin
- Tore Anderson
- Valdis.Kletnieks@vt.edu